Credit Freeze

If you haven’t already, consider freezing your credit to prevent new credit accounts from being opened in your name without your permission. Here are in-depth instructions and details: Help Protect Your Financial Future: Freeze Your Credit – Foster Institute

Monitor Financial Accounts

Keep a close watch on your financial accounts for any unauthorized activity or transactions. Consider subscribing to an identity theft protection service, which can help monitor your information and alert you to potential misuse of your personal data. If you didn’t place the credit freeze mentioned above, doing so is essential.

Beware of Fraud and Scams

Beware of email, text, phone calls, or messages popping up on your computer that claim you are hacked and offer tech support help. Familiarize yourself and your family with the latest fraud techniques. Be skeptical of emails, phone calls, or messages that request personal information or direct you to websites asking for personal or financial data.

Be Cautious with Search Engine Results that are Ads

Threat actors can purchase ads so that, if you search for keywords such as ‘My phone provider database was hacked,’ the ad, disguised as a helpful search result, will appear at the top. This can lead you to a page designed to defraud you or compromise your computer

To help protect yourself, when you search, scroll down and click on the organic search results rather than the ads. You are more likely to access safer websites.

Malicious advertising is not limited to search engines. Advertisements on websites can be just as dangerous. These attacks are called malvertising and trick millions of users each year.

Change Passwords Immediately

If you haven’t recently, change passwords for all your accounts including phone provider, social media, banking, and other sensitive accounts, especially if you’ve used the same password for multiple accounts.

Use a Password Manager

Consider using a password manager to manage your unique passwords on every website. Detailed information about using password managers: Password Managers Speed Your Workflow – Foster Institute

Set Up Unique Security Questions

When setting up security questions, avoid real answers that are easy for a bad actor to research. Instead, use fictional answers like, “The fourth crater on the moon.” Save your secret answers in a randomly named file such as “socks.docx,” and consider encrypting this file for added safety.

Enable Two-Step Verification

Enable two-step verification for accounts. Prioritize setting this up on sensitive websites and services where it’s available.

Update Operating Systems and Software

Ensure that all your devices have the latest security software, web browsers, and operating systems updates and patches. This is one of the best defenses against viruses, malware, and other online threats.

Secure Your Tax Identity with an ID.me Account

Given that social security numbers were compromised, there’s an elevated risk of someone attempting to file a fraudulent federal tax return in your name. To combat this, consider registering for an ID.me account which provides access to IRS services. With this account, you can also apply for an IRS Identity Protection PIN (IP PIN) that adds an extra layer of security to your tax filings by requiring this unique six-digit number on your tax return.

Protect Your Property Records

With personal details like your SSN in the wrong hands, even your home ownership documents could be targeted. It’s advisable to monitor and possibly register your property deeds with services that alert you to any unauthorized filings or changes. While a universal solution for this isn’t available yet, taking initial steps such as contacting your local county clerk’s office to inquire about protective measures can be beneficial.

Awareness for Business Impact

Businesses, particularly those utilizing services from the breached provider, should be acutely aware of the implications this breach can have on their operations. It’s crucial for business owners to assess their exposure and strengthen their internal security measures, including employee training on data privacy and regular security audits to prevent further damage.

Register for Online Tax Accounts in All States

To prevent the misuse of your personal information for fraudulent state tax filings, consider registering for an online tax account in each of the 50 states. This pre-emptive registration can block identity thieves from creating accounts in your name, a tactic increasingly used to commit tax fraud across state lines.

Digital Footprint and Data Sharing

Be vigilant about the information you share online and through mobile applications. It’s crucial to minimize data sharing and scrutinize the permissions you grant to apps, especially those that request access to sensitive personal information. Educate yourself and limit exposures to safeguard against unauthorized data usage. The less information threat actors can gather about you, the more difficult it will be for them to misuse your identity.

Review and Update Privacy Settings

Regularly review and update your privacy settings on social media and other online platforms to ensure minimal public exposure of personal information. This proactive measure can significantly deter fraudsters from using accessible data to facilitate identity theft or scams.

Legal and Financial Consultation

Consult with legal and financial advisors to explore additional protective measures tailored to your personal or business circumstances. Discuss setting up legal structures such as trusts to shield assets, or other strategies that may offer enhanced security against identity theft and financial fraud.

Emergency Contacts and Protocols

Prepare an emergency contact list and establish protocols for immediate action if you suspect identity theft or if a data breach occurs. Include the contact information for essential services such as credit bureaus, your bank, and legal advisers, to ensure a swift and organized response to security threats.

Forward this message to your friends so they can follow these steps can help mitigate the damage from the breach and protect their personal information.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.

The post Protecting Your Financial Interests in the Wake of a Major Data Breach appeared first on Foster Institute.

The post Leadership in the Line of Fire: Cleanup or Clean Slate? appeared first on Foster Institute.

The Risk: When Convenience Becomes a Liability

Imagine this: You’ve visited a coffee shop and connected your smartphone to their Wi-Fi network. Your device remembers this network to connect automatically next time. Seems harmless, right? Here’s where the risk creeps in.

Once you tell a device to automatically reconnect to a remembered network in range, your device will continuously send out “probes” or signals looking for that network, typically one to four times a minute and more often when other events can trigger a probe. A threat actor can set up a Wi-Fi access point with a common SSID name, such as “home.” And what if your device is configured to automatically connect to a network you trust named “home?” When your device, say your smartphone or laptop, is within range, it might automatically connect to this rogue Wi-Fi network without your knowledge.

The Trap: A Deceptive Doppelgänger

This rogue network, set up by the threat actor, is a doppelgänger of your trusted network but with nefarious purposes.

Remember: Your device connects to the rogue access point automatically and often without alerting you at all. (see “what about passwords” below). This attack does not need you to make any mistakes to succeed, and it can happen without your knowledge.

Ten common network names threat actors can use that will often lure devices from unsuspecting users to connect include:

• xfinitywifi
• linksys
• Marriott_Guest
• Hyatt
• hhonors
• NETGEAR
• Guest
• dlink
• FreeWifi
• Home

To make it even easier to connect, there are commercially available devices that listen for the SSID name in a probe from an unsuspecting user’s device and then broadcast that name in an effort to capture the device’s connection. In that case, it doesn’t matter how unique your SSID is, an automated device can attempt to establish a connection without your knowledge. If you are technically minded, you can read the section at the bottom of this article for a detailed explanation of how probing works.

Once connected, the attacker can intercept your device’s data. This interception could be called a “Man-in-the-Middle” attack. Thanks to encryption technology, the attacks are more complicated than they used to be, but they are still possible in some circumstances. If the attacker successfully establishes the Man-in-the-Middle connection, imagine sending confidential emails, accessing your company’s financial data, or even logging into your personal banking app, all while an unseen cybercriminal is potentially recording every keystroke and data transfer.

Another serious concern is if threat actors know of undiscovered vulnerabilities that will allow them to hack into your device. This is one of the most important reasons to always apply security updates when they are released and always keep backups for the unlikely scenario of an update causing a problem on your device. Even if you applied all of your security updates, sometimes attackers know of ways to break in that haven’t been discovered by the device’s manufacturer, operating system producer, or app developer yet. Thus, there are no updates written. Bad actors can use tools to scan your device and exploit vulnerabilities quickly. Their ultimate goal would be to take control of, or pwn, your device. This isn’t always easy if you have all your updates in place, but it isn’t impossible either.

The Consequences: A Digital Pandora’s Box

The consequences from attackers successfully tricking your device into connecting to their rogue access point and exploiting vulnerabilities can range from private information exposure to significant breaches:

1. Personal Data Theft: Sensitive personal information can be stolen.
2. Corporate Espionage: Confidential business information could be compromised.
3. Identity Theft: Your digital identity could be used for fraudulent activities.
4. Network Infiltration: Once a device is compromised, it can serve as a gateway to your business’s entire network.

Prevention: Turning Awareness into Action

As executives, instructing your workers to implement security measures is crucial. Here are some actionable steps you can take in the Wi-Fi settings of your laptops, phones, and tablets:

1. Forget Networks: In your device’s Wi-Fi settings, examine the network names identified as “remembered” or “my networks.” Tell your device to ‘forget’ networks by removing them from the ‘my networks’ list, except those you use frequently. Were any of the ten listed above remembered on your device? To establish the unauthorized connection, the threat actor would need to use the name of one of the networks you leave remembered or use the device mentioned above that responds to probes for names your device sends.
2. Avoid a False Sense of Security: If your device has the “Ask to Join Networks” setting, read the fine print. The device will still join known network names without asking. The setting is usually more about asking before joining new or unknown networks, rather than known ones.
3. Turn off Wi-Fi When You Aren’t Using it: To reduce your exposure dramatically, disable Wi-Fi when you are not using it. Your device will stop probing, stop listening for access points broadcasting their name, and won’t connect to any Wi-Fi networks. Some devices have a quick shortcut to turn off Wi-Fi from an easily accessible menu, but they might turn Wi-Fi back on again after a while or when you move to a new location. On those devices, if you go into “Settings” to disable Wi-Fi, it should stay off until you manually change the setting to “on” again.

What about Wireless Passwords?

If the original remembered network you connected to, such as the coffee shop network, had no password, your device would join the network automatically and not alert you. This is a common risk with some remembered networks. You may have noticed that many hotels and some coffee shops and restaurants now require no Wi-Fi password; this is undoubtedly to reduce guest frustration and the number of calls from hotel rooms to the front desk asking for the password. The prevalence of public networks without passwords makes it especially important for you to tell your device to forget networks and be sure to forget the ones with no passwords.

However, if the “remembered” network did have a password, then to get your device to connect automatically without warning you, the threat actor will need to set the same password on the rogue access point. It is simple for an attacker to know the password for coffee shops and other networks that share the password with guests.

Many companies will set passwords on networks and hopefully don’t write the password on dry-erase boards in the meeting room. Even if the passwords are configured at the company, and users do not know the password since the IT Professionals configure their computers, if an attacker is able to access one computer, in-person or remotely, there is a chance they can run a script to find out the wireless password for the company. This is why some companies use enterprise-level Wi-Fi authentication that does not rely on a shared password.  Or, attackers can use social engineering to successfully trick a user into providing the network password. If a user’s device doesn’t detect any anomalies between the rogue access point and the access point it is used to connecting to, the user will not be alerted they are connecting to a rogue access point, and their device will connect automatically.

An exception that might generate an alert is when there is a discrepancy between the security settings of the known network and the one to which the device is trying to connect. An example is when the rogue access point does not have a password, but the remembered network does. In this case, some devices will prompt you: “Are you sure you want to join this network?” The default button, “join,” is preselected. Unless you are on the lookout for this kind of message and know the seriousness, you might click “join” and not think anything of it. Sometimes, the device will connect and not alert the user but will quietly list the word “open” or “insecure” under the network name on the list of networks under settings. Most people do not periodically look at the Wi-Fi settings, so the label often goes unnoticed. Even if a user does notice the label, there is a good chance the attacker already probed for weaknesses and exploited any vulnerabilities they discovered.

However, if you ever see a prompt asking you to re-enter a password, that is a huge red flag, and you need to assess the situation carefully to determine if your device is attempting to connect to a rogue access point with an inaccurate password.

And to be sure you don’t have a false sense of security, remember that devices do not prompt the user if the security settings of the new network match those of the remembered network, and the device will quietly automatically connect even if it’s a rogue access point.

What about a VPN?

A Virtual Private Network (VPN) is a technology that encrypts data as it moves to and from your device. This encryption can prevent attackers from reading your data. However, it’s important to note that a VPN doesn’t protect you from attackers who scan for unpatched vulnerabilities, search for open ports, and exploit weaknesses on your device. Even if you use a VPN, you’re still vulnerable to such attacks. Follow the instructions above to help ensure your online safety.

Final Thoughts: Balancing Convenience with Caution

In today’s fast-paced digital world, convenience often beats caution. However, in the realm of cybersecurity, this trade-off can have dire consequences. As leaders, our role extends beyond making decisions; it includes understanding and mitigating the risks associated with the technology we use every day. Stay safe, stay informed, and lead your organization confidently in this digital age.

Technical Details About the Probing Process

For the more technically minded, here is more information about the probing process. When we say that devices are constantly probing, they are, and the probing might be once every 15 to 60 seconds. The probing frequency can vary, for example, if you put your device in low battery mode.

In addition to devices probing, know that Wi-Fi access points, including rogue access points attackers use, broadcast their network name, a process called beaconing, sometimes as often as ten times every second. The rate of beaconing is usually configurable by your IT Professionals.

If you look at “available networks” in “settings” on your device, you might notice that the list takes a few seconds to build because your device is cycling through multiple Wi-Fi frequencies, listening for the beacons.

An interesting setting not everyone is familiar with on wireless access points is that you can instruct the access point to be “hidden.” If you do, then the access point will not send out beacons. However, hidden networks, while not broadcasting their SSID, will still respond to direct probes that contain their SSID name. So, as soon as your device sends out a probe looking for the remembered hidden network, which it does regularly, as described above, the access point will respond, and your device will connect. Just because a network you “remembered” is hidden at your home or office doesn’t affect a threat actor’s ability to lure your device into connecting to their rogue access point, even if the hacker’s access point is not hidden.

Additionally, to reduce the delay in connecting, your device will send immediate probes in certain circumstances, such as when it wakes from sleep, when you open your laptop’s lid, or if you just disabled airplane mode. Your device will quickly find access points, even rogue ones, especially if they are “remembered.”

A significant benefit to attackers of your device probing periodically, such as every 15 to 60 seconds, is when the attacker doesn’t already know the network names your device has remembered. The attacker tools wait for the probe, then know the name, and the rogue access point automatically claims to have that network’s name. This is a very powerful way for attackers to capture as many unsuspecting users as possible without needing to predict the names of remembered networks.

Subscribe to maximize your executive potential with Foster Institute’s E-Savvy Newsletter, packed with practical IT security solutions and actionable strategies for success: https://fosterinstitute.com/e-savvy-newsletter/

Disclaimer: The information provided in this blog is for general informational purposes only. Technology changes constantly, and some of this information might become obsolete or incorrect. We do not endorse or receive compensation for mentioning products, services, or brand names. Any outbound links provided are for your convenience and to get you started, but we cannot guarantee the security or safety of those external websites. Conducting your research and making an informed decision about any products or services mentioned here is essential. We shall not be held responsible for any actions taken based on the information provided.

The post Outsmarting the Invisible Threat: How Cyber Attackers Hijack Your Wi-Fi Connections and How to Protect Yourself appeared first on Foster Institute.

1. Apple Stores! Isn’t it so neat that someone can walk into a store, experiment with the products, have workers who are very familiar with the products, and – if you decide to – you can buy a device right then and there.

2. Apples have a “cool” factor that is tough (though perhaps not impossible) to match. And many Apple users know how cool it is.

My wife phoned me immediately after last week’s newsletter, about Apple computers not having touchscreens, and announced, “You were way too harsh about Apple this time!”
“But Honey,” I explained, “We get the most responses on the blogs when I’m controversial about Apple.” She replied, “There is a difference between being controversial and adversarial!”

As usual, she is right. My wife said to tell you about her Apple Tattoo. That was a surprise to me too.

I do enjoy Apple, own and use two MacBook Airs that are a big part of every week for work. On the road, I carry two Airs and one Surface. I do use the Surface the most but don’t make up your mind until you’ve tried them both.

Bottom line: I respect Apple and enjoy their products. In fact, in many cases working with top level executives, I recommend to them the Apple (especially the Air) after finding out what their wants and needs are. Some dearest friends, and my lovely wife, are total Mac people too.

3. Apple’s “No-questions asked” 14 day return policy. Where else can you go buy a piece of hardware that you can use, including reloading the operating system with a new one such as Windows, connect every peripheral imaginable to test compatibility, and then can return it if it doesn’t suit your needs? After 14 productive days, you are likely to ask yourself how you ever lived without it. Or not. Isn’t it great for you to be able to find out?

4. Apple is a leader in the marketplace. Not just by selling so much hardware, but in the past, they’ve been “first to market” with features that none of their competitors had even thought of yet. Often, Apple defines the cutting edge. Though there is controversy, many Apple fans will tell you how the Macintosh was the first computer to even have a mouse – and then everyone else copied Apple.

5. Apple products actually work when you get them out of the box. Even “first releases.” Thank goodness, users of Windows products can now enjoy the same experience, but Apple was the first. Apple has the longest running record. Having confidence in the products you purchase is a huge buying factor for most people.

Keep an eye out: Next week will be the 5 more of 10 things to love about Apple.

The post 5 Things to Love about Apple appeared first on Foster Institute.

I’ve owned three MacBook Air computers and have loved them all. I bought the Airs because they are compact to carry, are very powerful, lightweight, durable, and really nice looking.

Apple iPhones and iPads have touch screens that we all love. We’ve become a touch-centric world, and Apple has driven that transition perhaps more than anyone.

The post Apple is Silly for Not Offering Touch Screens appeared first on Foster Institute.

So this newsletter is an “extra bonus” for you who still plan to search for a new computer. If you don’t want to click on the “for more information” links, it is ok to just read the text since you’ll still get what you need to know.

FORM FACTOR: Unless you are sure the user will only use a computer at a single desk and not benefit from moving around, buy a laptop. Laptops are fast, have excellent monitors, and some are very portable.

You can easily connect a world of peripherals at the office, at home, and any other “fixed location.” Using a “real keyboard,” mouse (for those monitors that aren’t touch enabled), printers, etc. is common at “desk” locations. And being able “to be mobile” is essential for people who are on the move. As you plan to connect to those external devices, read “Docking Stations are Dead”

You already know my affinity to the Microsoft Surface Pro which is a laptop and tablet combined: “When a Surface Pro Computer is Better than an iPad” and “Ditch the iPad and Get the Surface Pro?” And many other manufacturers make beautiful convertible tablets with similar features to the Surface Pro. Shop around.

OPERATING SYSTEM: You’ll find Windows 8.1 installed on new computers – and that is a fine way to go. Despite what you’ve heard, you can run Windows 8.1 in a way that looks a lot like Windows 7. See “Yes, Windows 8 Looks like Windows 7”

MONITOR: Get a Touch Screen – That’s where the world is going. If you will use the computer at a desk, then you need more than one monitor. Large monitors are inexpensive these days – get one of those. And, no, one large monitor is not a replacement for multiple small monitors. See “Are Your Employees Still Using Single Monitors?” for more information. This is a blog entry where a posting uses the word naked with multiple monitors in the same sentence: “Still Using Just One Monitor?”

You can connect multiple monitors to a laptop: “How to Connect Multiple Monitors to Your Computer” The only problem is that, so far, with multiple monitors only one of them can be used as your “touch screen” in Windows 8.1. The other monitors can support “touch screen,” but you have to choose which one to use as “touch.”

If you are buying for a “gamer” then you’ll want to max out on everything and maybe buy a specialized machine like those at Falcon Northwest or iBuyPower

RAM: For the rest of us, get a computer with at least 8G of RAM. If you think you’ll run many programs at once, or use memory hungry applications such as editing photos, then splurge on 16G of RAM.

DRIVE: Be sure that, unless you need to store an incredible amount of pictures, music, or movies, to get a solid state hard drive. Sometimes they are referred to as SSDs.

Yes, there are times that “old” hard drives (HDDs) with moving parts are better than SSDs., They have less capacity and are more expensive per gigabyte than drives with moving parts, SSD drives are faster, use less electricity (your laptop’s battery will last longer), resist magnetism, and better resist movement (such as a computer being dropped or used on an aircraft or train with lots of vibrations).

A good strategy is to use a SSD in your computers, and use mirrored external USB 3.0 HDDs for backup. Please contact me if that sentence makes no sense.

PROCESSOR: You needn’t go for the “top of the line” processor. They tend to be “priced extra high because some people will pay that much” and they use more power. Power saving is important in a laptop.

PRINTER: Be sure you get a printer that supports easy printing from your iPhone, Android, Windows Phone, and other devices.

MOUSE: For goodness sakes, get a mouse that is designed to be used “anywhere.” They work great on just about any mousing surface.

KEYBOARD: If you type a lot and don’t know about them, check out Das Keyboard

Please ask additional questions and/or post your advice below…

The post Special Computer Buying Guide appeared first on Foster Institute.